CIS 4615 meeting -*- Outline -*-

* protecting-traffic

Based on chapter 22 of the book "24 Deadly Sins of Software Security"
by Michael Howard, David LeBlanc, and John Viega (McGraw Hill, 2010)

** network attacks

------------------------------------------
NETWORK ATTACKS

Eavesdropping
  1. Attacker records network traffic
  2. Uses that to

Replay
  1. Attacker records network traffic
  2. Attacker replays data to

Spoofing
  1. Attacker pretends to be server

Tampering
  1. Attacker modifies traffic

Hijacking
  1. Attacker waits for a connection
  2. Spoofs one of the parties
------------------------------------------
   ... obtain confidential information, like passwords
       Passwords often sent in clear!
       Or can help brute force attacks on passwords

   Q: What security service does eavesdropping attack?
      Confidentiality

   ... authenticate to a service

   Q: What security service does replay attack?
      Integrity

   ... can obtain confidential information or cause mischief
       Spoofing is easy in connectionless protocols (like UDP)
       Better is a challenge-response protocol like Kerberos or NTLM

   Q: What security service does spoofing attack?
      Integrity

** background

Network protocols weren't originally designed for security

------------------------------------------
BACKGROUND IN NETWORK SECURITY

Hub:
  Attackers in the LAN can see

Switch:
  Address Resolution Protocol (ARP) spoofing
  - pretend to be a gateway and
    ARP maps MAC addresses to IP addresses

Router:
  - Routers are big
  - Have default passwords
------------------------------------------
   ... all network traffic from the same hub
   ... redirect all traffic to themselves
   ... C/C++ programs (so susceptible to attacks like buffer overflows)

------------------------------------------
MORAL

Assume attackers can:
  - read traffic
  - modify traffic
  even in a LAN

An application needs to provide:
  1. Initial authentication to
  2. Ongoing authentication to
  3. Confidentiality/Privacy
------------------------------------------
   ... make sure both parties know who they are talking to
       e.g., authenticate server using SSL/TLS
             authenticate client using a password
   ... ensure traffic hasn't been diverted or tampered with
   ... to the extent needed

   Q: If you care about confidentiality, do you need to worry
      about authentication also?
      Yes, otherwise it makes no sense.

** remediation

------------------------------------------
REMEDIATION

1. Identify all attack points
2. Use known authentication/encryption
   such as SSL/TLS, Kerberos, or DCOM
3. Use a hash or HMAC to check for corruption or tampering
------------------------------------------
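   Added worked example (not from the lecture notes or the book): a toy
   challenge-response login in the spirit of the "better is a
   challenge-response protocol" remark, plus HMAC-tagged messages for
   remediation item 3.  The server issues a fresh nonce, the client
   answers with HMAC(key, nonce), and the server refuses a second use
   of the same answer (replay) or an answer made with the wrong key
   (spoofed client).  tampering_outcomes() shows why the slide says
   "hash or HMAC" but an active attacker forces the HMAC: an unkeyed
   digest sent with the message can be recomputed by whoever rewrote
   the message.  SHARED_KEY, the Server/client_* names and all messages
   are constructed for the example.

```python
"""Challenge-response authentication and HMAC integrity tags.
Added example; names, key and messages are constructed, not from the notes."""
import hashlib
import hmac
import secrets

# Constructed shared secret.  In a real system it comes from a key exchange
# (e.g. SSL/TLS or Kerberos), never from source code.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 over data; only a holder of key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Server:
    """Initial authentication by challenge-response; ongoing
    authentication by checking an HMAC on every message."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.outstanding: set[str] = set()  # challenges issued, unanswered
        self.answered: set[str] = set()     # answered; a reuse is a replay

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)       # unpredictable, fresh per login
        self.outstanding.add(nonce)
        return nonce

    def verify_response(self, nonce: str, response: str) -> str:
        if nonce in self.answered:
            return "replay"                 # recorded answer played again
        if nonce not in self.outstanding:
            return "unknown-challenge"      # we never issued this nonce
        expected = tag(self.key, nonce.encode())
        # constant-time compare: don't leak how many bytes matched
        if not hmac.compare_digest(expected, response):
            return "bad-response"           # wrong key: spoofed client
        self.outstanding.remove(nonce)
        self.answered.add(nonce)
        return "ok"

    def check_message(self, message: bytes, mac: str) -> bool:
        """Ongoing authentication: accept only messages tagged with our key."""
        return hmac.compare_digest(tag(self.key, message), mac)


def client_respond(key: bytes, nonce: str) -> str:
    """Prove knowledge of the key without ever sending the key."""
    return tag(key, nonce.encode())


def client_send(key: bytes, message: bytes) -> tuple[bytes, str]:
    """Attach an HMAC so the receiver can detect tampering."""
    return message, tag(key, message)


def run_session() -> list[str]:
    """Drive one login flow and return the server's verdicts in order."""
    server = Server(SHARED_KEY)
    nonce = server.challenge()
    good = client_respond(SHARED_KEY, nonce)
    verdicts = [server.verify_response(nonce, good)]     # "ok"
    verdicts.append(server.verify_response(nonce, good))  # "replay"
    nonce2 = server.challenge()
    wrong = client_respond(b"wrong-key", nonce2)
    verdicts.append(server.verify_response(nonce2, wrong))  # "bad-response"
    made_up = client_respond(SHARED_KEY, "00" * 16)
    verdicts.append(server.verify_response("00" * 16, made_up))  # "unknown-challenge"
    return verdicts


def tampering_outcomes() -> dict[str, bool]:
    """Plain hash vs HMAC when an intermediary rewrites the message."""
    original = b"transfer 10 to alice"       # constructed message
    rewritten = b"transfer 10 to mallory"

    # Scheme A: message + sha256(message).  Whoever rewrites the message
    # recomputes the digest, so the receiver's check still passes.
    recomputed = hashlib.sha256(rewritten).hexdigest()
    plain_accepts = hashlib.sha256(rewritten).hexdigest() == recomputed

    # Scheme B: message + HMAC(key, message).  Without SHARED_KEY the best
    # the rewriter can do is keep the old tag or tag with some other key.
    _, old_tag = client_send(SHARED_KEY, original)
    server = Server(SHARED_KEY)
    hmac_accepts = (server.check_message(rewritten, old_tag)
                    or server.check_message(rewritten, tag(b"other-key", rewritten)))
    return {"plain_hash_accepts_rewrite": plain_accepts,
            "hmac_accepts_rewrite": hmac_accepts}


if __name__ == "__main__":
    print(run_session())
    print(tampering_outcomes())
```

   The example covers the first two items of the MORAL slide
   (initial and ongoing authentication) and remediation item 3; it does
   not encrypt anything, so confidentiality still needs SSL/TLS or the
   like, which also takes care of distributing SHARED_KEY.  A plain
   hash remains fine for the "corruption" half of item 3 (line noise,
   disk errors); the keyed HMAC is what closes the "tampering" half.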